Customer Liability in The Age of Digital Banking

Who is liable for money lost when fraud occurs in a customer’s bank account or card through illegal access/use of ATM or any of the Digital Channels (Internet Banking, Mobile Banking, Payments, E-wallets, etc.)?

The answer depends on the country where the account is being operated.

While the customer is responsible for the safe keeping of his/her ATM Card, Pin, Internet Banking and Mobile Banking credentials, different countries have different regulations on ‘limited liability’ of the customer.

When a customer discovers and reports fraud in her account through the use of ATM, Internet Banking or Mobile Banking, she is not liable for the full funds lost.

In the US, the Federal “Regulation E” Consumer Protection Act ensures that customer’s liability is capped at $50 if she contacts the financial institution within 2 days of discovering loss, theft or theft of the access device. The bank is liable for the rest of the money lost.

Many banks take account protection a step further with their banking guarantee and even waive the $50 liability given the fiercely competitive market.

As a result, banks take the entire responsibility for the loss. The UK too has similar consumer protection clauses for electronic banking transactions.

India’s central banking institution, the Reserve Bank of India (RBI) has been working on beefing up customer protection aspects of banking supervision for the past few years.

RBI’s recent communication to Indian banks on limited customer liability is laudable for its bold steps towards better customer service and protection in the Indian banking ecosystem.

It mandates banks to adopt better systems and processes to ensure safety and security of electronic transactions including the robust fraud detection and prevention mechanisms.

Some of the highlights in the communication:

Mandatory By Banks For All Digital Transactions

Registration of customers for text alerts and email wherever available, for electronic transactions.

Text alerts to customers for all electronic transactions and email alerts to customer registered email.

Enable customers to instantly respond by Reply to text alert for unauthorised transactions.

Zero Liability of Customer

The customer has zero liability for the loss where unauthorised transaction occurs in case of:

Contributory fraud/negligence/deficiency on part of bank irrespective of whether the transaction is reported by the customer.

Third party breach, where the deficiency lies neither with the bank nor with the customer but lies elsewhere in the system and the customer notifies the bank within 3 working days of receiving the communication from the bank regarding the transaction.

Limited Liability of Customer

The customer has limited liability for the lost funds due to unauthorised transactions in the following cases:

Where loss is due to negligence of the customer, such as sharing payment credentials, the customer will bear the entire loss until customer reports the unauthroised transaction to the bank. Any loss occuring after customer reports unauthorised transaction should be borne by the bank.

Where the responsibility for the unauthorised electronic banking transaction lies neither with the bank nor with the customer, but lies elsewhere in the system and when there is a delay (of 4 to 7 working days after receiving the communication from the bank) on the part of the customer in notifying the bank of such a transaction, the per transaction liability of the customer shall be limited to the range of INR 5000 to INR 25,000 based on the type of the accounts and the average balance/credit limit.

Where the delay in reporting is beyond 7 working days, the customer liability shall be determined as per the bank’s Board approved policy.

Customer Liability – Summary

Time Taken To Report Fraudulent Transaction From Date Of Receiving The Communication

Customer’s Liability (in INR)

Within 3 working days

Zero liability

Within 4 to 7 working days

The transaction value or the amount mentioned in Table 1, whichever is lower

Beyond 7 working days

As per the bank’s Board approved policy

Moreover, the bank should credit the amount involved in unauthorised transactions to the customer’s account within 10 working days from the date of reporting by the customer.

These measures will certainly take digital adoption to the next level for the Indian banking sector and the overall economy.

While banks must invest in the enabling technology and processes, the benefits of increased customer confidence in digital adoption far outweigh the enablement costs.

About the Author:

Jayaprakash (JP) Kavala

Director – Product Management

Jayaprakash (JP) heads Product Management and global Pre-Sales, Alliances and Business Development for CustomerXPs’ Clari5 product suite. With over 13 years of rich and extensive Fintech experience and deep understanding of business, domain & technologies across products & services, JP is an accomplished banking technology professional with experiential acumen in taking high-tech enterprise products to market. With 360 degree experience in steering products from conceptual stage to category leadership, he has a commendable track record in building, positioning & selling Enterprise Fraud Management and AML solutions. JP has had several C-level conversations, has conducted consulting assignments at prominent global financial institutions and brings deep knowledge of market trends & requirements in the enterprise financial crime management domain. In his previous role at Wipro Technologies, JP led domain-specific consulting assignments for large banks across US, UK and India spanning across Core Banking, Internet Banking, Mobile Banking, Credit Cards, Lending, Payments and Cash Management. At Wipro, he also led business analysis for their Banking Business Solutions CoE. JP holds an MBA from IIT-Delhi and is a B.Tech in Computer Science from Osmania University.